Cybersecurity News, Threats & Vulnerability Alerts
GlassWorm Malware Hijacks GitHub Tokens to Poison Python Repos
Attackers use stolen GitHub tokens to inject GlassWorm malware into hundreds of Python repositories targeting Django and ML projects.
CISA Warns of Actively Exploited Wing FTP Server Flaw
CISA alerts federal agencies about an actively exploited Wing FTP Server vulnerability enabling remote code execution attacks.
Companies House Fixes WebFiling Flaw Exposing UK Firms
Companies House closed its WebFiling service Friday to patch a security vulnerability that exposed British company information since October 2025.
Security Executive Hit by Multi-Vector Phishing Campaign
Cybercriminals deployed DKIM-signed emails and compromised infrastructure to target a security firm executive in a complex phishing operation.
PayPal Amazon Phishing Campaign Targets Customer Support
Cybercriminals impersonate PayPal and Amazon customer support representatives to steal sensitive information through sophisticated social engineering attacks.
Chinese APT Targets Asian Military Networks in Multi-Month Campaign
State-sponsored Chinese hackers infiltrated multiple Asian military networks using custom tools and maintained persistent access for months.
Storm-2561 Deploys Fake VPN Apps to Steal Credentials
Threat group Storm-2561 distributes malicious VPN clients through search engine manipulation to harvest user login credentials.
GitHub Accounts Breached in VS Code GlassWorm Aftermath
Hundreds of GitHub accounts compromised using stolen credentials from the VS Code GlassWorm malware campaign targeting Python repositories.
ClickFix Campaigns Deploy MacSync Stealer on macOS
Three ClickFix campaigns trick macOS users into manually installing MacSync information stealer through social engineering tactics.
Russian APT Targets Ukrainian Defense with New Malware
Russian-linked threat actors launched a fresh campaign against Ukrainian entities in February 2026, deploying new malware variants.
Poland Nuclear Research Center Hit by Cyberattack
Poland's nuclear research facility suffered a cyberattack with initial evidence pointing to Iranian threat actors.
Loblaw Data Breach Exposes Customer Personal Information
Canadian retail giant Loblaw disclosed a data breach affecting customer names, email addresses, and phone numbers accessed by unauthorized attackers.
Microsoft Patches Windows 11 Enterprise Hotpatch Flaw
Microsoft issued an emergency out-of-band update fixing security vulnerabilities in Windows 11 Enterprise hotpatch systems.
China's CNCERT Warns of OpenClaw AI Agent Security Flaws
China's cybersecurity agency alerts organizations about critical security weaknesses in OpenClaw autonomous AI agent platform configurations.
AppsFlyer Web SDK Hijacked in Supply Chain Attack
AppsFlyer's Web SDK was compromised with malicious code designed to steal cryptocurrency from users' wallets.
HPE AOS-CX Flaw Lets Attackers Reset Admin Passwords
Critical HPE AOS-CX vulnerability enables remote attackers to bypass authentication and reset administrator passwords without credentials.
FBI Probes 8 Malicious Steam Games Spreading Malware
FBI launches investigation into eight Steam games containing malware, seeking victim information from affected gamers.
China-Linked APT Targets Southeast Asian Military Since 2020
Palo Alto Networks Unit 42 exposes CL-STA-1087, a China-based cyber espionage group targeting Southeast Asian military organizations since 2020.
Poland Nuclear Research Centre Blocks Cyberattack
Poland's National Centre for Nuclear Research detected and stopped hackers targeting its IT infrastructure on March 13, 2026.
Interpol Sinks 45,000 Criminal IPs in Global Crackdown
Operation Synergia III dismantled cybercrime infrastructure across 95 countries, sinkholing 45,000 malicious IP addresses and seizing 59 servers.
Storm-2561 Distributes Fake VPN Clients to Steal Credentials
Threat group Storm-2561 uses fake Ivanti, Cisco, and Fortinet VPN installers to harvest enterprise credentials through SEO poisoning attacks.